A Taxonomy of Recent Data Losses—First Presentation

Interhackers Matt Curtin and Lee Ayres present A
Taxonomy of Data Losses and their follow-up research
findings A Comparative Analysis of Three Years of
Breach Reports by Breach Type and Industry to the
Central Ohio ISSA at Platform Lab, 1275 Kinnear Road,
Columbus, Ohio, on February 20, 2008.

Abstract

Malicious hackers tend to steal headlines, but do their
stories correlate to the threats most prevalent in your
industry? Reviewing a selection of publicized security
incidents from 2005–2007, Curtin and Ayres propose a
taxonomy of breaches based on the threat/vulnerability
pair.

Following is analysis of documented incidents of each
type in several broadly defined industries. The data and
analysis provided will assist business leaders in making
informed decisions regarding the distribution of limited
information security assets.

About Interhack

Based in Columbus, Ohio, Interhack Corporation is a professional
services firm with clients all over North America. Founded in 1997
by a team of information security researchers, Interhack accepted
the mission to make global computing and communications
infrastructures worthy of trust. Interhack's two practice areas,
Information Assurance and Forensic Computing, support that
mission. The company is a supporting member of The Usenix Association.
Additional information about Interhack is available at web.interhack.com.